diff --git a/ibm_catalog.json b/ibm_catalog.json
index 2e59deb00..72329224c 100644
--- a/ibm_catalog.json
+++ b/ibm_catalog.json
@@ -17,43 +17,53 @@
"vpc",
"slz",
"IaC",
- "infrastructure as code",
"terraform",
- "solution",
+ "virtualservers",
"vsi",
- "virtual server instance"
+ "servers",
+ "solution",
+ "infrastructure as code"
],
- "short_description": "Creates a secure infrastructure with virtual servers to run your workloads on a VPC network",
- "long_description": "The VSI on VPC landing zone provides secure and customizable compute resources for running your applications and services. It creates secure and compliant Virtual Server Instances (VSI) on top of an existing Virtual Private Cloud (VPC) network.",
+ "short_description": "Deploys secure Virtual Server Instances on IBM Cloud VPC with flexible configurations, QuickStart options for simplified setup, and integrated security and logging features",
+ "long_description": "Landing zone for applications with virtual servers delivers fast-provisioned, high-performance compute with network isolation and built-in security. [VSIs](https://cloud.ibm.com/docs/vpc?topic=vpc-about-advanced-virtual-servers) can be deployed into new or existing Virtual Private Clouds (VPCs) with flexible configurations and integration to networking, storage, and security services. They support both x86 and s390x [profiles](https://cloud.ibm.com/docs/vpc?group=profiles) to match compute and memory needs. Designed for secure, compliant, and customizable application workloads, VSIs enable consistent, scalable deployments across multiple zones and subnets within an IBM Cloud VPC.",
"offering_docs_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-overview#overview-vsi",
- "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/.docs/images/deploy-arch-slz-vsi-lt.svg",
+ "offering_icon_url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone-vsi/main/images/vsi-icon.svg",
"provider_name": "IBM",
"features": [
{
- "description": "Creates and configures one or more virtual servers to handle workloads.\n",
- "title": "Creates virtual servers for workloads"
+ "title": "Configurable Compute, Networking, and Placement",
+ "description": "Creates and configures one or more [IBM Cloud Virtual Server Instances (VSIs)](https://cloud.ibm.com/docs/vpc?topic=vpc-about-advanced-virtual-servers) into a fully configurable IBM Cloud VPC with multi-zone [subnets](https://cloud.ibm.com/docs/vpc?topic=vpc-about-subnets-vpc&interface=ui), and placement control. Supports quick start or advanced setups with customizable VSI [profiles](https://cloud.ibm.com/docs/vpc?group=profiles) and attachment to networking and security services."
+ },
+ {
+ "title": "Resilient Traffic and Access Controls",
+ "description": "Enables Network (Layer 4) and Application (Layer 7) [Load Balancers](https://cloud.ibm.com/docs/vpc?topic=vpc-nlb-vs-elb) with health checks, while enforcing least-privilege access via [security groups](https://cloud.ibm.com/docs/vpc?group=security-groups) and managed [SSH keys](https://cloud.ibm.com/docs/vpc?topic=vpc-ssh-keys&interface=ui). Integrates [Context-Based Restrictions (CBR)](https://cloud.ibm.com/docs/vpc?topic=vpc-cbr&interface=ui) to limit service access to approved landing zone VPCs."
},
{
- "description": "Configures the subnets for the VSIs and specifies which subnets the instances are deployed in.\n",
- "title": "Configures subnets"
+ "title": "Secure Storage and Key Management",
+ "description": "Attaches high-performance [Block Storage volumes]( https://cloud.ibm.com/docs/vpc?topic=vpc-block_storage_about) with selectable profiles and capacity, with optional [Key Management Services](https://cloud.ibm.com/docs/vpc?topic=vpc-vpc-encryption-about&interface=ui) for encryption using new or existing keys."
},
{
- "description": "Associates security groups with the VSIs to control inbound and outbound traffic to instances.\n",
- "title": "Associates security groups"
+ "title": "Secrets Management Integration",
+ "description": "Optionally adds [Cloud automation for Secrets Manager](https://cloud.ibm.com/catalog/7a4d68b4-cf8b-40cd-a3d1-f49aff526eb3/architecture/deploy-arch-ibm-secrets-manager-6d6ebc76-7bbd-42f5-8bc7-78f4fabd5944-global) to manage SSH private keys and other secrets."
},
{
- "description": "Provisions and manages SSH keys for the VSIs so that you can securely administer the instances.\n",
- "title": "Provisions SSH keys"
+ "title": "Sets up logging for the Virtual Server Instance",
+ "description": "Optionally, you can deploy Cloud automation for Cloud Logs to route, alert, and visualize platform logs that are generated by your Virtual Server Instance. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-logging)"
},
{
- "description": "Configures existing CBR (Context-based restrictions) rules to allow traffic to flow only from the landing zone VPCs to specific cloud services.\n",
- "title": "Configures CBR"
+ "title": "Sets up monitoring operational metrics for the Virtual Server Instance",
+ "description": "Optionally, you can deploy Cloud automation for Cloud Monitoring to measure how users and applications interact with your Virtual Server Instance. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-ibm-monitoring)"
+ },
+ {
+ "title": "Sets up activity tracking for the Virtual Server Instance",
+ "description": "Optionally, you can deploy Cloud automation for Activity Tracker Event Routing to route and securely store auditing events that are related to your Virtual Server Instance. [Learn more](https://cloud.ibm.com/docs/vpc?topic=vpc-at_events)"
}
],
"flavors": [
{
- "label": "QuickStart",
+ "label": "QuickStart - Financial Services edition",
"name": "quickstart",
+ "index": 3,
"install_type": "fullstack",
"working_directory": "patterns/vsi-quickstart",
"release_notes_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-secure-infrastructure-vpc-relnotes",
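Review bot: The new label `QuickStart - Financial Services edition` reads as a compliance claim, yet the architecture text added for the same flavor in the next permissions/architecture hunk calls it an "introductory, non-certified deployment" that is "Not suitable for production workloads". A label such as `QuickStart - Financial Services topology (non-certified)` would keep the catalog tile from overstating the security posture. In the `Secure Storage and Key Management` feature the link target starts with a space (`]( https://cloud.ibm.com/docs/vpc?topic=vpc-block_storage_about)`), which many Markdown renderers will not treat as a link; drop the space. The flavor object continues past the end of this hunk.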
@@ -112,91 +122,65 @@
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager"
],
- "service_name": "appid"
+ "service_name": "appid",
+ "notes": "Required to create and manage App ID service instance."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager"
],
- "service_name": "cloud-object-storage"
+ "service_name": "cloud-object-storage",
+ "notes": "[Optional] Required if VPC Flow Logs are enabled."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager"
],
- "service_name": "hs-crypto"
+ "service_name": "hs-crypto",
+ "notes": "[Optional] Required if Hyper Protect Crypto Service is used for encryption."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
],
- "service_name": "iam-identity"
+ "service_name": "iam-identity",
+ "notes": "Required to create foundational IBM Cloud account resources, like IAM settings, resource groups."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager"
],
- "service_name": "kms"
+ "service_name": "kms",
+ "notes": "[Optional] Required if Key Protect is used for encryption."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager",
"crn:v1:bluemix:public:iam::::role:Administrator"
],
- "service_name": "is.vpc"
+ "service_name": "is.vpc",
+ "notes": "Required to create Virtual Private Cloud(VPC)."
}
],
"architecture": {
"features": [
{
- "title": "Separate VPC for management",
- "description": "Yes"
- },
- {
- "title": "Separate VPC for workloads",
- "description": "Yes"
- },
- {
- "title": "Adds a virtual server instance in every VPC subnet",
- "description": "Yes"
- },
- {
- "title": "Increases security with Key Management",
- "description": "Yes"
- },
- {
- "title": "Reduces failure events by using multizone regions",
- "description": "No"
- },
- {
- "title": "Collects and stores Internet Protocol (IP) traffic information with Activity Tracker and Flow Logs",
- "description": "No"
- },
- {
- "title": "Securely connects to multiple networks with a site-to-site virtual private network",
- "description": "No"
- },
- {
- "title": "Simplifies risk management and demonstrates regulatory compliance with Financial Services",
- "description": "No"
- },
- {
- "title": "Uses an edge VPC for secure access through the public internet",
- "description": "No"
+ "title": " ",
+ "description": "Ideal for sandbox environments, experimentation, and familiarization with architecture patterns."
},
{
- "title": "Uses floating IP addresses for access through the public internet",
- "description": "Yes"
+ "title": " ",
+ "description": "An introductory, non-certified deployment aligned with the Financial Services Cloud VPCs topology. Not suitable for production workloads."
}
],
"diagrams": [
{
"diagram": {
- "caption": "VSI on VPC landing zone - QuickStart variation",
+ "caption": "Virtual Server Instance topology- QuickStart (Financial Services edition)",
"url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vsi-quickstart.drawio.svg",
"type": "image/svg+xml"
},
- "description": "The QuickStart variation of the VSI on VPC landing zone deployable architecture creates a fully customizable Virtual Private Cloud (VPC) environment in a single region. The solution provides virtual servers in a secure VPC for your workloads. The QuickStart variation is designed to deploy quickly for demonstration and development."
+ "description": "This variation provisions two Virtual Private Clouds (VPCs)—a Management VPC and a Workload VPC—in a single region to separate operations from workloads. Each VPC is a single-zone, multi-subnet design with Virtual Server Instances (VSIs) placed in every subnet for rapid demonstration and development.
It configures a transit gateway that , connects the VPCs and Key Protect is integrated to enhance security of sensitive assets. This QuickStart favors speed and simplicity , it uses floating IPs for public access.
It is ideal for sandbox environments and helps you get started quickly."
}
]
},
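Review bot: The new QuickStart diagram `description` runs over three physical lines, as do the Standard and Existing VPC diagram descriptions in later hunks. If these are literal line breaks rather than an artifact of how the page was rendered, a strict JSON parser will reject the file, so they should be `\n` escapes; the text also has stray punctuation (`that , connects`, `simplicity , it uses`). The added `notes` say what each IAM entry is for, but `is.vpc` still requests both `serviceRole:Manager` and `role:Administrator` and `iam-identity` requests `role:Administrator`; the notes would help a least-privilege review more if they said why a lesser role is not enough, here and in the two later permission hunks. The removed feature table stated outright that QuickStart does not collect Activity Tracker and Flow Logs data, and the new prose no longer mentions this; if that is still the case, keep a sentence such as `Activity Tracker and Flow Logs are not configured in this variation.` The permissions array starts outside this hunk.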
@@ -204,8 +188,9 @@
"dependency_version_2": true
},
{
- "label": "Standard",
+ "label": "Standard - Financial Services edition",
"name": "standard",
+ "index": 4,
"install_type": "fullstack",
"working_directory": "patterns/vsi",
"compliance": {
@@ -508,94 +493,64 @@
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager"
],
- "service_name": "appid"
+ "service_name": "appid",
+ "notes": "Required to create and manage App ID service instance."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager"
],
- "service_name": "cloud-object-storage"
+ "service_name": "cloud-object-storage",
+ "notes": "[Optional] Required if VPC Flow Logs are enabled."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager"
],
- "service_name": "hs-crypto"
+ "service_name": "hs-crypto",
+ "notes": "[Optional] Required if Hyper Protect Crypto Service is used for encryption."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
],
- "service_name": "iam-identity"
+ "service_name": "iam-identity",
+ "notes": "Required to create foundational IBM Cloud account resources, like IAM settings, resource groups."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::serviceRole:Manager"
],
- "service_name": "kms"
+ "service_name": "kms",
+ "notes": "[Optional] Required if Key Protect is used for encryption."
},
{
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
],
- "service_name": "is.vpc"
+ "service_name": "is.vpc",
+ "notes": "Required to create Virtual Private Cloud(VPC)."
}
],
"architecture": {
"features": [
{
- "title": "Separate VPC for management",
- "description": "Yes"
- },
- {
- "title": "Separate VPC for workloads",
- "description": "Yes"
- },
- {
- "title": "Virtual Server Instances for every subnet",
- "description": "Yes"
- },
- {
- "title": "Increases security with Key Management",
- "description": "Yes"
- },
- {
- "title": "Reduces failure events by using multizone regions",
- "description": "Yes"
- },
- {
- "title": "Collects and stores Internet Protocol (IP) traffic information with Activity Tracker and Flow Logs",
- "description": "Yes"
- },
- {
- "title": "Securely connects to multiple networks with a site-to-site virtual private network",
- "description": "Yes"
- },
- {
- "title": "Simplifies risk management and demonstrates regulatory compliance with Financial Services",
- "description": "Yes"
- },
- {
- "title": "Uses an edge VPC for secure access through the public internet",
- "description": "Yes, if enabled"
- },
- {
- "title": "Uses floating IP addresses for access through the public internet",
- "description": "No"
+ "title": " ",
+ "description": "Ideal for production workloads requiring compliance with financial services standards."
},
{
- "description": "Configures existing CBR (Context-based restrictions) rules to allow traffic to flow only from the landing zone VPCs to specific cloud services.\n",
- "title": "Configures CBR"
+ "title": " ",
+ "description": "Validated configuration aligned with IBM Cloud Framework for Financial Services."
}
],
"diagrams": [
{
"diagram": {
- "caption": "VSI on VPC landing zone - Standard variation",
+ "caption": "Virtual Server Instance topology - Standard (Financial Services edition)",
"url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vsi-vsi.drawio.svg",
"type": "image/svg+xml"
},
- "description": "The Standard variation of the VSI on VPC landing zone deployable architecture is based on the IBM Cloud for Financial Services reference architecture. The architecture creates a customizable and secure infrastructure, with virtual servers, to run your workloads with a Virtual Private Cloud (VPC) in multizone regions."
+ "description": "This variation is aligned to the IBM Cloud for Financial Services reference architecture. It provisions two Virtual Private Clouds (VPCs)—a Management VPC and a Workload VPC—to separate operations from workloads and improve security. Each VPC is a multi-zone, multi-subnet design with Virtual Server Instances (VSIs) in every subnet to host your applications across regions for resiliency.
It configures transit gateway connects the VPCs and Virtual Private Endpoints (VPEs) provide private access to IBM Cloud services. The architecture integrates Key Protect to protect sensitive data and uses Activity Tracker and Flow Logs to collect and store Internet Protocol (IP) traffic information.
It securely connects to multiple networks through a site-to-site VPN. Optionally, an edge VPC enables controlled access through the public internet. It configures CBR (Context-based restrictions) to allow traffic only from the landing zone VPCs to approved cloud services.
Using this architecture, secure and compliant Virtual Server Instances (VSIs) are created on a VPC network."
}
]
},
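Review bot: The Standard diagram description says the VSIs host applications "across regions for resiliency", but the design it describes is multi-zone, which normally means several zones inside one region. `across zones for resiliency` avoids promising cross-region failover that nothing else in the text describes. The CBR sentence also changed meaning: the removed feature said the solution "Configures existing CBR ... rules", while `It configures CBR (Context-based restrictions) to allow traffic only from the landing zone VPCs` suggests this deployment creates and enforces the rules, so confirm which is true and keep `existing` if it still applies. `It configures transit gateway connects the VPCs` should read `A transit gateway connects the VPCs`.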
@@ -605,8 +560,10 @@
{
"label": "Existing VPC",
"name": "existing-vpc",
- "install_type": "extension",
+ "index": 5,
+ "install_type": "fullstack",
"working_directory": "patterns/vsi-extension",
+ "release_notes_url": "https://cloud.ibm.com/docs/secure-infrastructure-vpc?topic=secure-infrastructure-vpc-secure-infrastructure-vpc-relnotes",
"dependencies": [
{
"flavors": [
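Review bot: `install_type` for `existing-vpc` changes from `extension` to `fullstack` while the label stays `Existing VPC`, the working directory stays `patterns/vsi-extension`, and the description added in the next hunk still calls it "The extension". Nothing visible here explains the change. If the catalog uses `install_type` to decide whether a prerequisite landing zone must already be deployed, this could let the flavor be offered where no suitable VPC exists, so the commit message should state the intended effect and how the `dependencies` block now covers the prerequisite. The `dependencies` array continues outside this hunk.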
@@ -735,40 +692,34 @@
"role_crns": [
"crn:v1:bluemix:public:iam::::role:Administrator"
],
- "service_name": "is.vpc"
+ "service_name": "is.vpc",
+ "notes": "Required to create Virtual Private Cloud(VPC)."
}
],
"architecture": {
"features": [
{
- "title": "Adds a virtual server instance in every VPC subnet",
- "description": "Yes"
- },
- {
- "title": "Increases security with Key Management",
- "description": "Yes"
- },
- {
- "title": "Simplifies risk management and demonstrates regulatory compliance with Financial Services",
- "description": "Yes"
+ "title": " ",
+ "description": "Ideal for extending existing VPC environments"
},
{
- "title": "Uses Floating IP address for access through the public internet",
- "description": "No"
+ "title": " ",
+ "description": "Validated configuration that enhances resiliency and security while aligning with financial services compliance requirements."
}
],
"diagrams": [
{
"diagram": {
- "caption": "VSI on existing VPC",
+ "caption": "Virtual Server Instance topology - VSI on existing VPC",
"url": "https://raw.githubusercontent.com/terraform-ibm-modules/terraform-ibm-landing-zone/main/reference-architectures/vsi-vsi.drawio.svg",
"type": "image/svg+xml"
},
- "description": "The extension to an existing VPC deployable architecture is based on the IBM Cloud for Financial Services reference architecture. The architecture creates a customizable and secure infrastructure with virtual servers to run your workloads with IBM Cloud VPC in multizone regions."
+ "description": "This variation is aligned to the IBM Cloud for Financial Services reference architecture. It provisions Virtual Server Instances (VSIs) in every subnet across multiple availability zones, delivering a resilient and secure multizone infrastructure to run your workloads.
The extension integrates Key Management to strengthen security of sensitive data and uses Activity Tracker with Flow Logs to collect and store Internet Protocol (IP) traffic data. A transit gateway connects the Management and Workload VPCs, while Virtual Private Endpoints (VPEs) provide private access to IBM Cloud services. Secure connectivity to enterprise environments is enabled through a site-to-site VPN, and CBR (Context-based restrictions) rules manage traffic flows to approved services.
This variation avoids the use of floating IPs for internet access, relying instead on private and controlled connections. It simplifies risk management and demonstrates regulatory compliance for Financial Services scenarios."
}
]
},
- "terraform_version": "1.10.5"
+ "terraform_version": "1.10.5",
+ "dependency_version_2": true
}
]
},
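Review bot: The `is.vpc` note added for this flavor, `Required to create Virtual Private Cloud(VPC).`, is copied from the other flavors, but this flavor deploys into an existing VPC. A note such as `Required to create Virtual Server Instances and related resources in the existing VPC.` would justify the `Administrator` role more accurately, if that matches what the pattern does. The new diagram description also credits "The extension" with Activity Tracker and Flow Logs, a transit gateway between Management and Workload VPCs, a site-to-site VPN and CBR rules, whereas the removed table listed only VSIs per subnet, key management, Financial Services alignment and no floating IPs. If those controls belong to the pre-existing landing zone rather than to this pattern, the text should say so, because readers will use it to judge what logging and network isolation they actually get. The permissions array starts outside this hunk, so other entries for this flavor are not visible here.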